Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/zec83eBAcszlF2bWanOpPmc4qfs.roa
File:                     zec83eBAcszlF2bWanOpPmc4qfs.roa (raw, json)
Hash identifier:          hjcBIIGOLtdKOyIjj8/8UyvO+bvMWH6BbMWJlJpKKwQ=
Subject key identifier:   CD:E7:3C:DD:E0:40:72:CC:E5:17:66:D6:6A:73:A9:3E:67:38:A9:FB
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       01912227457F94498BD6E1C55B3B64C937B9
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/zec83eBAcszlF2bWanOpPmc4qfs.roa
Signing time:             Mon 05 Aug 2024 10:48:04 +0000
ROA not before:           Mon 05 Aug 2024 10:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211509
IP address blocks:        2a0a:2c0:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:27:45:7f:94:49:8b:d6:e1:c5:5b:3b:64:c9:37:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Aug  5 10:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cde73cdde04072cce51766d66a73a93e6738a9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:9e:98:74:e6:1a:d2:ab:07:ed:c7:86:f3:
                    68:48:fc:1e:60:df:a2:ea:9e:a4:97:12:42:d7:34:
                    dd:46:42:fd:52:c7:70:39:28:e2:89:b3:d8:5a:cb:
                    07:56:b2:8a:47:cc:20:a0:04:30:6b:c2:a5:0d:40:
                    15:cd:1a:87:7c:d3:91:24:81:73:7b:fa:3f:a5:28:
                    91:23:44:98:6f:1d:35:35:d8:4d:17:83:fe:3e:bf:
                    a0:c7:e6:2c:3d:ba:e6:cd:8e:af:8a:21:72:dc:ee:
                    dd:5a:fe:3e:ed:a3:18:6c:e2:41:7a:01:24:dc:59:
                    1f:19:d4:ce:bd:f2:c7:a4:a9:a0:b9:67:e2:2d:0b:
                    b4:ad:da:76:3f:47:3b:4f:10:88:e1:60:8f:a3:fc:
                    38:a0:e3:d5:f2:5e:02:b8:db:e1:5b:1e:45:1d:6c:
                    11:2e:96:09:1e:81:d9:9b:59:20:35:a4:56:68:5d:
                    62:ad:1b:28:4e:5e:7f:28:38:66:43:85:3e:fe:aa:
                    0e:17:fa:07:47:31:16:ea:23:bb:50:c1:6c:98:15:
                    94:96:cd:8a:28:d6:7b:fa:e4:35:91:eb:15:aa:92:
                    17:93:1f:4a:90:88:b0:0b:68:21:67:c4:51:d5:47:
                    d1:7e:ca:11:f9:6d:4e:5d:fe:81:89:60:6a:95:58:
                    65:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E7:3C:DD:E0:40:72:CC:E5:17:66:D6:6A:73:A9:3E:67:38:A9:FB
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/zec83eBAcszlF2bWanOpPmc4qfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2c0:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:2e:3e:37:8b:37:8f:02:41:40:01:3f:64:14:fe:14:33:fb:
         d2:fa:84:71:b3:10:39:d3:f6:79:51:c8:9b:b1:a3:92:d6:ff:
         40:13:bc:d5:b1:f7:f1:3b:dc:d5:27:3b:11:c9:63:81:5e:70:
         e5:71:59:d7:ab:b5:1c:c7:9f:51:46:fe:5b:ce:85:3c:1e:b0:
         bf:04:44:47:64:b8:a5:d5:a3:49:64:1d:56:48:39:a5:c4:aa:
         d4:ad:a5:13:d6:72:40:59:41:0a:17:b7:cb:82:9f:df:eb:0d:
         42:aa:d8:c7:0b:15:1e:f3:67:59:54:7d:62:1a:39:e9:b6:65:
         9d:f2:36:94:3a:cd:8f:52:43:09:c3:48:2c:2f:f7:53:45:98:
         00:aa:b8:a5:fc:8b:14:12:3f:f2:59:e2:d8:8f:fe:74:0f:ca:
         ce:c1:ba:48:b7:03:b1:11:7f:ea:c0:24:2e:d9:e0:6f:40:00:
         8e:91:10:9b:f5:5c:df:c5:c1:d7:3c:3c:44:da:f9:64:37:56:
         2d:de:18:80:d5:b3:44:e3:23:2b:d8:64:00:8a:ea:72:9f:39:
         8f:b5:f3:d5:1a:e1:08:82:33:44:a9:e9:59:09:a0:ba:ea:74:
         96:2b:73:24:3d:98:56:4e:09:fa:cb:56:17:da:b2:5e:cb:fe:
         7b:05:2e:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZEiJ0V/lEmL1uHFWztkyTe5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwODA1MTA0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGU3M2NkZGUwNDA3MmNjZTUxNzY2ZDY2YTczYTkzZTY3MzhhOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqyemHTmGtKrB+3HhvNoSPweYN+i
6p6klxJC1zTdRkL9UsdwOSjiibPYWssHVrKKR8wgoAQwa8KlDUAVzRqHfNORJIFz
e/o/pSiRI0SYbx01NdhNF4P+Pr+gx+YsPbrmzY6viiFy3O7dWv4+7aMYbOJBegEk
3FkfGdTOvfLHpKmguWfiLQu0rdp2P0c7TxCI4WCPo/w4oOPV8l4CuNvhWx5FHWwR
LpYJHoHZm1kgNaRWaF1irRsoTl5/KDhmQ4U+/qoOF/oHRzEW6iO7UMFsmBWUls2K
KNZ7+uQ1kesVqpIXkx9KkIiwC2ghZ8RR1UfRfsoR+W1OXf6BiWBqlVhlRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM3nPN3gQHLM5Rdm1mpzqT5nOKn7MB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvemVjODNlQkFjc3psRjJiV2FuT3BQbWM0cWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgoCwAAR
MA0GCSqGSIb3DQEBCwUAA4IBAQCKLj43izePAkFAAT9kFP4UM/vS+oRxsxA50/Z5
UcibsaOS1v9AE7zVsffxO9zVJzsRyWOBXnDlcVnXq7Ucx59RRv5bzoU8HrC/BERH
ZLil1aNJZB1WSDmlxKrUraUT1nJAWUEKF7fLgp/f6w1CqtjHCxUe82dZVH1iGjnp
tmWd8jaUOs2PUkMJw0gsL/dTRZgAqril/IsUEj/yWeLYj/50D8rOwbpItwOxEX/q
wCQu2eBvQACOkRCb9VzfxcHXPDxE2vlkN1Yt3hiA1bNE4yMr2GQAiupynzmPtfPV
GuEIgjNEqelZCaC66nSWK3MkPZhWTgn6y1YX2rJey/57BS4k
-----END CERTIFICATE-----